Controlling the Security Story

This is a hard article to read. For those who don’t want to read hate speech, I will briefly summarize.

On Tuesday, November 6th, the United States of America held a vote, the results of which upset a few people. Many of these people chose to express their feelings online, and were documented doing so. Because many of the individuals involved made no effort to hide their identities, some of them were traced. Then, in a move that surprises me, Jezebel’s reporters started contacting schools to find out if the schools were aware of the situation and how they were dealing with it.

In most cases, the schools cited policies of not releasing information about minors… which I can’t fault. However, the hidden gem was Dr. Rick Brooks of Jackson Christian School, who said:

Addison’s words clearly do not reflect the values that we espouse and teach at Jackson Christian School, and are not representative of our broader school community. As such, we have visited with him about his actions and his attitude, and have disciplined him accordingly. As is our school policy, we will not share information about specific discipline cases.

Though we find Addison’s action and words deplorable, we hope that our continued encouragement and teaching will help him further avoid the mistakes of youth, and will help him to mature as a young man. I hope that you will be able to look beyond what he has done, and toward the man that he can and will become from this unfortunate learning experience.

And that, I think, is worth discussion.

People make mistakes. People grow and change. As adults, one of our social tasks is to help the young turn into people we can later respect. As employers and employees, we like to think we’re here to make money, but if that were the case, the world would be nothing but multi-level marketing. No, we need more. For many of us, we need to help others and tell stories. We love stories. In fact, the more business owners I work with, the more I find who are in business to help others … be it their customers or the employees.

Hate speech is one form of story-telling. Reporting is another.

But wait, isn’t this a security blog?

If we want to make money, we have to tell a story that’s good enough to get people to let us help them. If what we care about is helping others, we have to know when they need to be helped. If what we care about is stories, we have to know which stories are being told. Fundamentally, we have to know what’s going on.

It seems reasonable that most of these schools learned about what their students were saying after the first article was published. Basically, they learned the story that others were telling about them. They did not get to influence the narrative and were stuck in a reactive mode. Some did better than others, but if they had been listening to what others were saying, odds are the speech would have been addressed before the election.

And that is where DLP comes in. It’s marketed as Data Loss Prevention, but that’s not what it is. DLP is a story tool. It helps you identify what sorts of information exist on your network and lets you know when it leaves. It’s traditionally used for boring stuff like keeping social security and credit card numbers off the internet (sarcasm). However, like most security technologies, it can be used creatively. In this case, monitoring for a few keywords would have let the schools know quickly what students were saying (at least from the school networks). When running in non-blocking mode, it can collect data, so you can easily identify people that need improvement.
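To make the non-blocking idea concrete, here is a small sketch of a DLP content check, added as an illustration and not taken from any DLP product. The rule names, the `WATCHLIST` keywords and the `handle_outbound` function are all assumptions made up for this example.

```python
import re
from dataclasses import dataclass

# US SSN layout, excluding area/group/serial values that are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13 to 19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# Constructed placeholder keywords; a real deployment supplies its own list.
WATCHLIST = {"project-falcon", "confidential"}

@dataclass
class Finding:
    rule: str
    excerpt: str  # redacted, so the DLP log is not a second copy of the data

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def redact(value: str) -> str:
    return "*" * (len(value) - 4) + value[-4:]

def inspect(text: str) -> list:
    findings = [Finding("ssn", redact(m.group())) for m in SSN_RE.finditer(text)]
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            findings.append(Finding("card", redact(digits)))
    lowered = text.lower()
    findings += [Finding("keyword", kw) for kw in sorted(WATCHLIST) if kw in lowered]
    return findings

def handle_outbound(text: str, mode: str = "monitor"):
    """Return (allowed, findings). Monitor mode records matches but never blocks."""
    findings = inspect(text)
    allowed = mode == "monitor" or not findings
    return allowed, findings

if __name__ == "__main__":
    # Constructed sample message; 4111 1111 1111 1111 is a well-known test number.
    sample = "card 4111 1111 1111 1111, SSN 123-45-6789, re: project-falcon"
    print(handle_outbound(sample, mode="monitor"))
    print(handle_outbound(sample, mode="block"))
```

The same findings come back in both modes; only the `allowed` decision changes, which is what lets you run in monitor mode first and tune the rules before anything is blocked.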

Similar internet-facing technologies can scan specific websites on a periodic basis to report the stories being told about you. This can help you identify the narratives and take corrective action for People, Processes and Technology before the story spins out of control and you’re stuck with no option but reaction.

Security technology is all too often viewed as “blocking” or prescriptive. When used properly, security technology enables the business. It helps you learn more and learn faster. This gives you control of your business, so you don’t have to keep finding your way in a world of constant attacks and errors.
